Initial commit

Author: V3RON

.agents/skills/cordierite

@@ -0,0 +1 @@
+../../skills/cordierite

.github/workflows/ci.yml

@@ -0,0 +1,133 @@
+name: CI
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build-and-lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: 1.3.11
+
+      - name: Install dependencies
+        run: bun install --frozen-lockfile
+
+      - name: Build
+        run: bun run build
+
+      - name: Lint
+        run: bun run lint
+
+  playground-build-android:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: 1.3.11
+
+      - name: Setup Java
+        uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: 17
+
+      - name: Setup Android SDK
+        uses: android-actions/setup-android@v3
+        with:
+          packages: |
+            platform-tools
+            platforms;android-36
+            build-tools;36.0.0
+            ndk;27.1.12297006
+          cache: true
+
+      - name: Install dependencies
+        run: bun install --frozen-lockfile
+
+      - name: Build workspace packages
+        run: bun run build
+
+      - name: Prebuild Android (Expo)
+        working-directory: playground
+        env:
+          CI: "true"
+          EXPO_NO_TELEMETRY: "1"
+        run: bunx expo prebuild --platform android --no-install
+
+      - name: Setup Gradle (wrapper + dependency cache)
+        uses: gradle/actions/setup-gradle@v4
+        with:
+          build-root-directory: playground/android
+
+      - name: Assemble debug APK
+        working-directory: playground/android
+        run: ./gradlew assembleDebug --no-daemon
+
+  playground-build-ios:
+    runs-on: macos-14
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: ccache
+        uses: hendrikmuhs/ccache-action@v1.2
+        with:
+          key: playground-ios-${{ hashFiles('bun.lock', 'playground/package.json', 'playground/app.json') }}
+          append-timestamp: false
+          max-size: 2G
+
+      - name: Use ccache with Apple Clang (Xcode)
+        run: |
+          echo "CC=ccache $(xcrun -find clang)" >> "$GITHUB_ENV"
+          echo "CXX=ccache $(xcrun -find clang++)" >> "$GITHUB_ENV"
+          echo "CCACHE_BASEDIR=${{ github.workspace }}" >> "$GITHUB_ENV"
+          echo "CCACHE_COMPILERCHECK=content" >> "$GITHUB_ENV"
+          echo "CCACHE_SLOPPINESS=clang_index_store,file_macro,time_macros,include_file_mtime,include_file_ctime" >> "$GITHUB_ENV"
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: 1.3.11
+
+      - name: Install dependencies
+        run: bun install --frozen-lockfile
+
+      - name: Build workspace packages
+        run: bun run build
+
+      - name: Prebuild iOS (Expo)
+        working-directory: playground
+        env:
+          CI: "true"
+          EXPO_NO_TELEMETRY: "1"
+          LANG: en_US.UTF-8
+        run: bunx expo prebuild --platform ios
+
+      - name: Build for iOS Simulator
+        working-directory: playground/ios
+        run: |
+          xcodebuild \
+            -workspace playground.xcworkspace \
+            -scheme playground \
+            -configuration Debug \
+            -sdk iphonesimulator \
+            -destination 'generic/platform=iOS Simulator' \
+            build \
+            CODE_SIGNING_ALLOWED=NO

.gitignore

@@ -0,0 +1,35 @@
+# dependencies (bun install)
+node_modules
+
+# output
+out
+dist
+*.tgz
+
+# code coverage
+coverage
+*.lcov
+
+# logs
+logs
+_.log
+report.[0-9]_.[0-9]_.[0-9]_.[0-9]_.json
+
+# dotenv environment variable files
+.env
+.env.development.local
+.env.test.local
+.env.production.local
+.env.local
+
+# caches
+.turbo
+.eslintcache
+.cache
+*.tsbuildinfo
+
+# IntelliJ based IDEs
+.idea
+
+# Finder (MacOS) folder config
+.DS_Store

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) Szymon Chmal and Callstack
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,52 @@
+[![Cordierite][cordierite-banner]][repo]
+
+### Expose app tools securely—no debug menus in the binary
+
+[![MIT license][license-badge]][license] [![npm downloads][npm-downloads-badge]][npm-downloads] [![PRs Welcome][prs-welcome-badge]][prs-welcome]
+
+Cordierite exists so **developers, QA, and automation** can drive **registered tools** and influence **in-app state** from a **CLI or agent host**—without shipping hidden **debug screens**, secret gestures, or admin panels inside the app. The app exposes only the **tool surface you define** in code; control stays on the **other end of a pinned `wss://` session** you initiate when it makes sense (local desk, CI, VPN, or a host on the internet).
+
+## Why it exists
+
+Shipping ad-hoc debug UIs in production builds is risky: they leak intent, widen attack surface, and are hard to gate consistently. Cordierite inverts that: **production-capable** builds can still participate in Cordierite **when a trusted host is available**, because trust is **not** “anyone on Wi‑Fi” or “whoever crafted a link”—it is **TLS + SPKI pinning** to identities you embed, plus **short-lived session bootstrap** so deep links are hints, not proof of authority. The same channel works for **human operators** (CLI), **test automation**, and **agents**.
+
+## Security
+
+- **No backdoor UI**: nothing extra in the app UI for attackers to discover; capability is **tool APIs + transport**, not mystery menus.
+- **Encrypted transport**: `wss://` end-to-end; no cleartext control traffic on the wire.
+- **Pinned server identity**: the native client matches your host’s public key (SPKI); IP, DNS, and deep-link origin are not enough to impersonate the host.
+- **Session bootstrap**: one-time, session-bound channel after claim—appropriate for production when pins and provisioning match your threat model.
+
+
+## Monorepo layout
+
+| Package | Role |
+| --- | --- |
+| [`cordierite`](packages/cordierite/README.md) | CLI and host tooling |
+| [`cordierite-shared`](packages/cordierite-shared/README.md) | Shared library (CLI + React Native) |
+| [`react-native-cordierite`](packages/react-native-cordierite/README.md) | TurboModule client + optional Expo config plugin |
+
+Clone the repo and install with your usual workspace workflow. The [playground](playground/README.md) is the reference dev app; [playground/certs](playground/certs/README.md) explains dev TLS and pin rotation.
+
+## Platform compatibility
+
+- **CLI / host**: any modern **JavaScript runtime** that can run the published package and open TLS sockets.
+- **React Native**: iOS and Android with **New Architecture**; web is a safe stub only.
+
+## Made with ❤️ at Callstack
+
+`cordierite` is an open source project and will always remain free to use. If you think it's cool, please star it 🌟. [Callstack][callstack-readme-with-love] is a group of React and React Native geeks, contact us at [hello@callstack.com](mailto:hello@callstack.com) if you need any help with these or just want to say hi!
+
+Like the project? ⚛️ [Join the team](https://callstack.com/careers/?utm_campaign=Senior_RN&utm_source=github&utm_medium=readme) who does amazing stuff for clients and drives React Native Open Source! 🔥
+
+[cordierite-banner]: https://img.shields.io/badge/Cordierite-callstack%2Fincubator-111827?style=for-the-badge&logo=github&logoColor=white
+[repo]: https://github.com/callstackincubator/cordierite
+[callstack-readme-with-love]: https://callstack.com/?utm_source=github.com&utm_medium=referral&utm_campaign=cordierite&utm_term=readme-with-love
+[license-badge]: https://img.shields.io/npm/l/cordierite?style=for-the-badge
+[license]: https://github.com/callstackincubator/cordierite/blob/main/LICENSE
+[npm-downloads-badge]: https://img.shields.io/npm/dm/cordierite?style=for-the-badge
+[npm-downloads]: https://www.npmjs.com/package/cordierite
+[prs-welcome-badge]: https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=for-the-badge
+[prs-welcome]: ./CONTRIBUTING.md
+[chat-badge]: https://img.shields.io/discord/426714625279524876.svg?style=for-the-badge
+[chat]: https://discord.gg/xgGt7KAjxv